- CSR
- Resolution: Approved
- P3
- None
- behavioral
- low
- SE
Summary
The MemorySegment::reinterpret overloads shall retain the read-only state from the original segment. Currently, this is not the case.
Problem
It is possible to "crack open" a read-only segment by reinterpretation. This was not intended by the API designers and is a flaw.
Solution
Retain the read-only state for reinterpreted segments.
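A regression check for the behaviour described above, as an added example that is not part of the CSR or the JDK sources: it runs all three reinterpret overloads on a read-only native segment and reports whether each result still reports read-only and rejects a write. The class and helper names are hypothetical, and it assumes JDK 22 or later.

```java
import java.lang.foreign.Arena;
import java.lang.foreign.MemorySegment;
import java.lang.foreign.ValueLayout;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example (hypothetical names). reinterpret is a restricted method:
// run with --enable-native-access=ALL-UNNAMED to avoid the runtime warning.
public class ReinterpretReadOnlyCheck {

    // True only if the segment reports read-only AND actually rejects a write.
    static boolean rejectsWrites(MemorySegment seg) {
        if (!seg.isReadOnly()) {
            return false;
        }
        try {
            seg.set(ValueLayout.JAVA_BYTE, 0, (byte) 1);
            return false; // the write went through: read-only state was lost
        } catch (UnsupportedOperationException | IllegalArgumentException e) {
            return true;  // the exception type differs between JDK releases
        }
    }

    // Runs each overload on a read-only segment; the cleanup action may be null.
    static Map<String, Boolean> check() {
        Map<String, Boolean> results = new LinkedHashMap<>();
        try (Arena arena = Arena.ofConfined()) {
            MemorySegment ro = arena.allocate(16).asReadOnly();
            results.put("reinterpret(long)",
                    rejectsWrites(ro.reinterpret(8)));
            results.put("reinterpret(Arena, Consumer)",
                    rejectsWrites(ro.reinterpret(arena, null)));
            results.put("reinterpret(long, Arena, Consumer)",
                    rejectsWrites(ro.reinterpret(8, arena, null)));
        }
        return results;
    }

    public static void main(String[] args) {
        Map<String, Boolean> results = check();
        results.forEach((overload, ok) ->
                System.out.println((ok ? "retained  " : "LOST      ") + overload));
        if (results.containsValue(false)) {
            System.exit(1); // at least one overload dropped the read-only state
        }
    }
}
```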
Specification
diff --git a/src/java.base/share/classes/java/lang/foreign/MemorySegment.java b/src/java.base/share/classes/java/lang/foreign/MemorySegment.java index 6c75c0385fa78..0318310e09f69 100644 --- a/src/java.base/share/classes/java/lang/foreign/MemorySegment.java +++ b/src/java.base/share/classes/java/lang/foreign/MemorySegment.java @@ -706,6 +718,10 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl { /** * Returns a new memory segment that has the same address and scope as this segment, * but with the provided size. + *+ * If this segment is {@linkplain MemorySegment#isReadOnly() read-only}, + * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}. + * * * @param newSize the size of the returned segment * @return a new memory segment that has the same address and scope as @@ -741,6 +757,9 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl { * That is, the cleanup action receives a segment that is associated with the global * scope, and is accessible from any thread. The size of the segment accepted by the * cleanup action is {@link #byteSize()}. + *
+ * If this segment is {@linkplain MemorySegment#isReadOnly() read-only}, + * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}. * * @apiNote The cleanup action (if present) should take care not to leak the received * segment to external clients that might access the segment after its @@ -786,6 +805,9 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl { * That is, the cleanup action receives a segment that is associated with the global * scope, and is accessible from any thread. The size of the segment accepted by the * cleanup action is {@code newSize}. + *
+ * If this segment is {@linkplain MemorySegment#isReadOnly() read-only}, + * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}. * * @apiNote The cleanup action (if present) should take care not to leak the received * segment to external clients that might access the segment after its
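Review bot: In the first hunk (the size-only overload, -706,6 +718,10) four lines are added where the other two hunks add three; the extra one looks like a blank " *" line placed directly above the existing blank line before @param, which leaves two empty comment lines in a row. Dropping it would give all three overloads the same paragraph. The added sentence also links isReadOnly() twice; linking the first "read-only" is enough.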
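Review bot: In the two hunks for the overloads that take a cleanup action (-741,6 and -786,6), the new paragraph comes right after the text describing the segment the cleanup action receives, yet it only specifies the returned segment. Please state whether the segment passed to the cleanup action is also read-only when this segment is, so the specification covers both segments these overloads produce.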
- csr of JDK-8333884 MemorySegment::reinterpret removes read-only property
- Resolved